Three network security solutions

Not investing in additional network security solutions is shown to be a false economy

By Derek Brink

July 24, 2012

CIO UK

Share

Twitter

Facebook

LinkedIn

Data from Aberdeen Group’s 1Q 2012 Business Review indicate 21 per cent of UK-based organisations plan to make major technology investments in IT Security initiatives, such as data protection, identity and access management, endpoint or mobile security, and network security this year.

As IT leaders in the UK decide which investments are best for their respective organisations, they may find value in learning which network security solutions are being deployed by top-performing companies to cope with the ever-evolving security threat landscape.

As indicated by the light blue bars, all respondents have deployed network firewalls, while more than 4 out of 5 have also deployed technologies such as email monitoring and filtering (86 per cent), intrusion detection and prevention (82 per cent) and web monitoring and filtering (82 per cent).

Meanwhile, the blue and red lines superimposed on the light blue bars in Figure 1 indicate the percentage of the leaders (top fifth) and laggards (bottom 30 per cent) from Aberdeen’s study that have deployed these selected network security technologies.

In general, leaders have consistently deployed these technologies to a higher degree than have laggards.

The gap between the two lines indicates which technologies have the strongest correlation with top performance, such as intrusion detection and prevention.

But what about organisations for which network security consists solely of a firewall? Is this an effective strategy? For this analysis, Aberdeen looked at 27 companies whose network security is based on firewalls alone, with no intrusion detection or prevention and compared them with 119 companies whose security includes firewalls and a range of other network security solutions.

The leading performers from Aberdeen’s study are also included for reference.

Based on survey responses, Table 1 summarises the following averages for each group, normalised as a percentage of annual turnover:

- Total cost of IT Security-related incidents, such as costs not avoided - Total cost of IT Security initiatives, including estimates for all related costs for people, process and technologies - Total annual investment in IT Security, based on the sum of the above

Compared to leading performers, for example, we see the firewall-only group actually spent four times more in total, due in part to being less efficient.

The leaders typically manage their IT Security initiatives at higher scale and lower cost. But the biggest difference is due to the firewall-only group being less effective.

The firewall-only group bore the burden of higher costs not avoided compared to companies who deployed greater security defense-in-depth.

Network security solutions are evolving to reflect changing technical requirements; the result is some overlap and a bit of marketing-driven confusion, but the major categories include:

Firewalls plus advanced Intrusion Prevention SystemsResearch shows that, with multiple open paths through traditional network firewalls, most companies augment those with complementary technologies, such as intrusion detection and prevention solutions on the network, and anti-virus or anti-malware solutions at the endpoints.

This is designed to address what traditional firewalls cannot. A growing problem is that the traditional, signature-based approach for these complementary technologies is under significant stress in its own right, which is why advanced capabilities such as behavioural analysis and behavioural inspection of packets to decode protocols will become increasingly important.